Executive Summary

Summary
Title New mailman packages fix denial of service
Information
Name: DSA-955
Vendor: Debian
First vendor publication: 2006-01-25
Last vendor modification: 2006-01-25
Severity (vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Impact Sub Score: NA
Exploitability Sub Score: NA
Temporal Score: NA
Environmental Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.8
Cvss Impact Score: 6.9
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.

The old stable distribution (woody) is not vulnerable to this issue.

For the stable distribution (sarge) this problem has been fixed in version 2.1.5-8sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.1.5-10.

We recommend that you upgrade your mailman package immediately.

Original Source

Url : http://www.debian.org/security/2006/dsa-955

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10038
Oval ID: oval:org.mitre.oval:def:10038
Title: Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
Description: Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
Family: unix Class: vulnerability
Reference(s): CVE-2005-3573
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10660
Oval ID: oval:org.mitre.oval:def:10660
Title: Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
Description: Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
Family: unix Class: vulnerability
Reference(s): CVE-2005-4153
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type | Count
Application | 25

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 955-1 (clamav)
File : nvt/deb_955_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
21723 Mailman Message Processing Date Field Overflow

20819 Mailman Scrubber.py utf8 Filename Processing DoS

Snort® IPS/IDS

Date Description
2015-03-27 GNU Mailman date field buffer overflow attempt
RuleID : 33564 - Revision : 3 - Type : SERVER-MAIL
2014-01-10 utf8 filename transfer attempt
RuleID : 12597 - Revision : 7 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-955.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0204.nasl - Type : ACT_GATHER_INFO
2006-03-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0204.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-242-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2005-222.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2014-02-17 11:34:51 | Multiple Updates